fix Flooding CPU Attack - Ikarus Offlineshop System

[Ikarus_ 2330]

Hi guys, 

There's a guy that is blackmailing all servers that are using my offlineshop.

Not just my clients, but also those who downloaded it from some idiot's leak.

I'm sharing the fix here as 60/70% of the servers currently open use my shop.

 

Fix:

Spoiler

//FILE : new_offlineshop_manager.cpp
//SEARCH FOR
	bool CShopManager::RecvShopCreateOfferClientPacket(LPCHARACTER ch, TOfferInfo& offer)
	{
		if(!ch)
			return false;

		//offlineshop-updated 03/08/19
		if(ch->GetPlayerID() == offer.dwOwnerID)
			return false;

//ADD UNDER
		// fix flooding offers
		if (!CheckOfferCooldown(ch->GetPlayerID()))
			return false;
      

      
      
//SEARCH FOR:  
    void CShopManager::ClearSearchTimeMap()
	{
		m_searchTimeMap.clear();

//ADD UNDER
		// fix flooding offers
		m_offerCooldownMap.clear();
      
      
      
      
      
      
//SEARCH FOR      
	void CShopManager::ClearSearchTimeMap()
	{
		m_searchTimeMap.clear();
	}

      
//ADD UNDER
	// fix flooding offers
	bool CShopManager::CheckOfferCooldown(DWORD dwPID) {
		DWORD now = get_dword_time();
		const DWORD cooldown_seconds = 15;

		itertype(m_offerCooldownMap) it = m_offerCooldownMap.find(dwPID);
		if (it == m_offerCooldownMap.end()) {
			m_offerCooldownMap[dwPID] = now + cooldown_seconds *1000;
			return true;
		}

		if (it->second > now)
			return false;

		it->second = now + cooldown_seconds * 1000;
		return true;
	}
     
      
      
      
      
      
//FILE : new_offlineshop_manager.h
//SEARCH FOR:
        //search time map (checking to avoid search abouse)
		void		ClearSearchTimeMap();
		bool		CheckSearchTime(DWORD dwPID);

//ADD UNDER:
		// fix flooding offers
		bool		CheckOfferCooldown(DWORD dwPID);
 
      
      
      
//SEARCH FOR:
        AUCTIONMAP		m_mapAuctions;
//ADD UNDER:
		// fix flooding offers
		SEARCHTIMEMAP	m_offerCooldownMap;
      
      

      
      
//SEARCH FOR
int OfflineshopPacketCreateNewShop(LPCHARACTER ch, const char* data, int iBufferLeft)
{
	offlineshop::TSubPacketCGShopCreate* pack = nullptr;
	if(!CanDecode(pack, iBufferLeft))
		return -1;

	int iExtra=0;
	data = Decode(pack, data, &iExtra, &iBufferLeft);

	offlineshop::TShopInfo& rShopInfo = pack->shop;

  
 
//ADD UNDER
	//fix flooding
	if (rShopInfo.dwCount > 500 || rShopInfo.dwCount == 0) {
		sys_err("tried to open a shop with 500+ items.");
		return -1;
	}
      
      
      
      
      
      
      
//FILE : ClientManagerOfflineshop.cpp
//SEARCH FOR:

bool CClientManager::RecvOfflineShopOfferAccepted(const char* data)
{
	offlineshop::TSubPacketGDOfferAccept* subpack;
	data = Decode(subpack, data);

	offlineshop::COfferCache::TOfferCacheInfo* pOffer=nullptr;
	m_offlineshopOfferCache.Get(subpack->dwOfferID,&pOffer);
  
//ADD UNDER:
    if(!pOffer)
    	return true;

 

 

 

Random User :
Why are u sharing it using metin2dev?

Answer:
I m bored to see this guy make money by blackmailing.

 

 

Random User part2:
Is it right to share this fix even with those who are not your customer?

 

 

Answer:
I honestly think that anyone who uses the shop without permission, taking it from sources different from me, is not worthy of help from me, however I can't even allow so many people to be fooled by this idiot boy.

 

 

Random User part3:
Do you know who is blackmailing the p.server founders?

 

Answer:
Yes, i know his discord account : Mădălin#2332

I recommend to don't pay him at all. I would like to know other accounts of this guy, if anyone know some please report to me.

I also have the proofs about what i m talking.

 

 

 

BIG DISCLAIMER:
Test the code on a test-sever before to move it on a live-server.

Thanks to @VegaS™ for the tip about cooldown

Edited January 12, 2021 by Ikarus_

[VegaS™ 9942]

Typical for romanians, they're so hungry for money..

 

@MadalinAlaska - Banned

You should know that with those things what you did, you won't be happy in a long term.

Have careful with karma, you'll have a server online in one day, those guys will revenge themselves somehow.

[SukH 857]

and he still saying that to me if i have more money to pay he will tell me more fixes 

[Ikarus_ 2330]

4 minutes ago, ALF said:

and he still saying that to me if i have more money to pay he will tell me more fixes 

I m available on discord for who want help 
IkarusDeveloper#3677

 

 

Edited January 11, 2021 by Ikarus_

[Speachless 748]

Recommended to use both

[Etzhel 114]

Share offlineshop files  i need it hahahaba

[Ikarus_ 2330]

Fix updated with one more check in input_main.cpp

Edited January 14, 2021 by Ikarus_

[MrQuin 6049]

Random User part4:
Can you share the base so we can use the fix?

Answer:
Yes

[AKUROS 26]

On 1/12/2021 at 11:54 PM, MrQuin said:

Random User part4:
Can you share the base so we can use the fix?

Answer:
Yes

Can you share 200€?

 

 

Edited January 15, 2021 by AKUROS

[CaNNab1S 11]

My server didn't working after this

 

https://metin2.download/picture/1A106O2iEG4yImOhpSKeIqvCFbh58WIv/.gif

https://metin2.download/picture/hYhNyBGcGGyg9b2wnsHjmu6Zxctu5FHp/.png

 

SYSERR: Jan 15 03:30:35 :: Process: FDWATCH: peer null in event: ident 21
SYSERR: Jan 15 03:30:37 :: Process: FDWATCH: peer null in event: ident 21

 

 

Edited September 4, 2022 by Metin2 Dev
Core X - External 2 Internal

[SukH 857]

34 minutes ago, CaNNab1S said:

My server didn't working after this

 

https://metin2.download/picture/1A106O2iEG4yImOhpSKeIqvCFbh58WIv/.gif

https://metin2.download/picture/hYhNyBGcGGyg9b2wnsHjmu6Zxctu5FHp/.png

 

SYSERR: Jan 15 03:30:35 :: Process: FDWATCH: peer null in event: ident 21
SYSERR: Jan 15 03:30:37 :: Process: FDWATCH: peer null in event: ident 21

 

 

https://metin2.download/picture/hYhNyBGcGGyg9b2wnsHjmu6Zxctu5FHp/.png

 

the problem is not the fix check ur sysser better because i used the fix and in 1st time it work

Edited September 4, 2022 by Metin2 Dev
Core X - External 2 Internal

[CaNNab1S 11]

7 minutes ago, ALF said:

https://metin2.download/picture/hYhNyBGcGGyg9b2wnsHjmu6Zxctu5FHp/.png

 

the problem is not the fix check ur sysser better because i used the fix and in 1st time it work

All the server it works after this fix.

Edited September 4, 2022 by Metin2 Dev
Core X - External 2 Internal

[SukH 857]

8 minutes ago, CaNNab1S said:

All the server it works after this fix.

 so re check what u did wrong 

[CaNNab1S 11]

2x ctrl+z and re-check..

[FBI 43]

5 hours ago, CaNNab1S said:

My server didn't working after this

 

https://metin2.download/picture/1A106O2iEG4yImOhpSKeIqvCFbh58WIv/.gif

https://metin2.download/picture/hYhNyBGcGGyg9b2wnsHjmu6Zxctu5FHp/.png

 

SYSERR: Jan 15 03:30:35 :: Process: FDWATCH: peer null in event: ident 21
SYSERR: Jan 15 03:30:37 :: Process: FDWATCH: peer null in event: ident 21

 

 

Then buy that offlineshop from Ikarus and don't cry.

Edited September 4, 2022 by Metin2 Dev
Core X - External 2 Internal

[CaNNab1S 11]

Who can help me? When i put this fix the server is not starting

[Helia01 2055]

7 hours ago, CaNNab1S said:

Who can help me? When i put this fix the server is not starting

Attach the server startup logs or do you think we are psychics here?

[CaNNab1S 11]

@Helia01

Only This:

Quote

 

My server didn't working after this

 

https://metin2.download/picture/1A106O2iEG4yImOhpSKeIqvCFbh58WIv/.gif

https://metin2.download/picture/hYhNyBGcGGyg9b2wnsHjmu6Zxctu5FHp/.png

 

SYSERR: Jan 15 03:30:35 :: Process: FDWATCH: peer null in event: ident 21
SYSERR: Jan 15 03:30:37 :: Process: FDWATCH: peer null in event: ident 21

 

 

Edited September 4, 2022 by Metin2 Dev
Core X - External 2 Internal